Using the Yubikey, a Universal 2nd Factor (U2F) compatible security key for Facebook

Yesterday , I participated in a productive roundtable discussion with Facebook . Journalists were given a workshop on safety and along with it, each one of us  received  a Yubikey U2F  for simple and strong authentication.  U2F is an open authentication standard that enables internet users to securely access any number of online services, with one single device, instantly and with no drivers, or client software needed. YubiKeys provide an additional secret beyond my password when I access my important accounts like Facebook and Google . The extra layer of protection is called a second factor or 2-Step Verification. Even if my username and password (first factor) is stolen, hackers cannot get into my  account without having possession of my Security Key (second factor). The only way someone could get in to my account would be to have both your password and your physical key — not very possible.

I didn’t know it was a U2F Security key until I discovered the url :  and discovered security keys are part of an extra security feature called two-factor authentication. Facebook explains that “if you own a Universal 2nd Factor (U2F) compatible security key and add it as an authentication method, you can use it when logging into your Facebook account from a computer or mobile device they don’t recognize.”

So I was curious how it worked. I plugged it in my USB C adpator.

Ready to set it up. You can scroll below or click here for detailed instructions.

To add a security key, you’ll need to be using the latest version of Chrome or Opera. Once you’ve done this:
  1. Go to your Security and Login Settings
  2. Scroll down to Use two-factor authentication and click Edit
  3. Go to Security Keys and click Add Key
  4. Follow the on-screen instructions

It looks like this screen below.

Add Security key

Insert security key, After inserting your key, press the button or gold disk to continue.

Look, I love the magical blinking light.

if the key has a blinking light, press the button or gold disk.

Finally, name your security name . Give your security key a unique name.

If you successfully added your security key, it will appear with the name you’ve given it in your Security Keys section.

Using Your Security Key

Now that you have a two-factor authentication turned on and added the above security key, you’ll be asked to tap your security key the next time you log into Facebook from Chrome or Opera on an unrecognized device .

I was thinking what if I don’t have my security key with me or what if it isn’t working.

You can still choose to use a different method to log in using one of your other authentication methods, such as a mobile phone or Code Generator.When you or anyone else tries to log in to your account from another computer, your YubiKey will be required.

Logging in to Your Facebook Account

  1. On the Facebook login page using Chrome or Opera, enter your Email or PhonePassword, and click Log In.
  2. In the Two-Factor Authentication Required screen, be sure your registered YubiKey is inserted and the light is flashing, before you tap it.
  3. In the Remember Browser screen, choose if you want to save this browser so you don’t have to authenticate the next time you log in.

Secure recovery — It is recommended that users register at least two U2F devices with every service provider should a U2F device be misplaced. Services may also provide the user with a backup code that they store in a safe place.

I was also thinking  What happens if I lose my YubiKey?

It depends on how you are using your YubiKey. For U2F-enabled applications, you have specified a backup mechanism for logging in (such as SMS) from the beginning, so you can be sure you can always access your email or data. You can then log in and remove that YubiKey and easily add a new one.  It is good to have a backup YubiKey, just like you would have a backup set of keys for your home or car, and you can then use that YubiKey to authenticate with. Remember, since this is two-factor authentication, if someone finds your key, that person still needs to know your user name and password — without both your user name, password, and YubiKey, there is no way anyone can log in to your accounts.

Facebook says the security key can be used with other websites while also being used for your Facebook account. I should try to secure my Google Account  with Yubico’s U2F-compliant YubiKey.